XXE attack in EMC Unisphere - #VU12276
Published: April 27, 2018
Vulnerability identifier: #VU12276
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Unisphere
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to improper restriction of XML external entity references. A remote attacker can crash the service, conduct XML external entity attacks to obtain files, and gain root privileges.
Remediation
Install the update from the vendor's website.